Chicago OWASP April Meeting - Storms Brewing in your JS & Avoiding an inCIdent

  • 1871 222 West Merchandise Mart Plaza Chicago, IL, 60654 United States

Evolve Security Academy is excited to be the sponsor of this month's OWASP Chicago meeting.
 

Register: https://www.meetup.com/EvolveSec/events/239216532/

Agenda: 

6:00-6:30pm - Gather and mingle 

Food & Beverage Provided 

Talk 1: Warning Ahead: Security Storms are Brewing in Your JavaScript

JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language?

Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact of JavaScript vulnerability exploitation to the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their Web attack arsenal.

In this talk we explore the vulnerabilities behind JavaScript, including:

- A new class of vulnerabilities unique to JavaScript

- Vulnerabilities in 3rd-party platforms which are exploited through JavaScript code

- A new set of vulnerabilities enabled by HTML5

Talk 2: Avoiding an inCIdent: when CI hurts

Continuous Integration and Continuous Deployment systems are an absolute necessity. Unfortunately, common CI systems such as Jenkins have multiple security issues and, once compromised, provide a fairly big payoff for an attacker. As helpful as they are, the reality is that your CI is a high-risk target. This talk will discuss some common attack methods against Jenkins and other CI systems, and suggest some strategies for architecting a secure solution.

Rob Havelt has been hacking all the things for a really long time. He formerly ran a large PenTest team at SpiderLabs and currently does Mergers and Acquisitions security for Salesforce.

 

OWASP: OWASP is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

 

Evolve Security Academy:

Evolve is a 17-week Cyber Security Bootcamp that provides in-person and immersive training, giving students the concrete and practical skills they will actually need on the job. Students gain real work experience through the live security assessment work they perform on not-for-profit companies. With over 238,000 unfilled cyber security jobs in the U.S. and 1,000,000 globally, our primary focus is on creating top-tier cyber security talent and placing them into high-paying jobs. Join the meetup group.